Cisco’s VPN Concentrator 3000 Series has a bug that could leave it vulnerable to a denial of service attack.
According to Cisco, the vulnerability is the result of an “unspecified error” within the device’s SSL handling. It can be used to reload and/or drop user connections by sending specially crafted HTTPS packets to the device.
Cisco’s report says that the concentrator’s HTTPS service must be enabled (it’s not by default) and accessible by a malicious user.
The vulnerability affects devices running software version 4.1.7.A and prior, and includes models 3005, 3015, 3020, 3030, 3060, 3080 and the Cisco VPN 3002 Hardware Client.
The company says an update to version 4.1.7.B of the concentrator’s software will resolve the issue. It also offered two workarounds, noting that users can either disable the HTTPS service or block SSL traffic to the concentrator with a Transit ACL.
Details on how to obtain the update are available as part of Cisco’s advisory.